After upgrade and deployed the site to QA env,
For the same tenant, some users login, they got this exception in ABP log: /api/account/my-profile [ { "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": null, "validationErrors": null } ]
7 Answer(s)
-
0
There might be some permission name changes, have executed DbMigrator once in the QA environment database?
-
0
Our pipeline would automatically execute DbMigrator project against QA database
-
0
Hello,
If the database was created before and the data was seeded, the data may not be updated when it runs again. Because when we seed data, we almost always look at the number of records and if there is a record, we do not seed again. Thus, we do not seed duplicated data.
Does the problem persist when you delete and regenerate the database with DbMigrator?
In addition, does this problem only occur on a single endpoint? And does it also occur local development environment?
-
0
Hello,
If the database was created before and the data was seeded, the data may not be updated when it runs again. Because when we seed data, we almost always look at the number of records and if there is a record, we do not seed again. Thus, we do not seed duplicated data.
Does the problem persist when you delete and regenerate the database with DbMigrator?
In addition, does this problem only occur on a single endpoint? And does it also occur local development environment?
I drop my local Administration database, and run DbMigrator, the AbpPermission tables are empty
-
0
I checked the code, in AdministrationServiceHttpApiHostModule there is method this method would call _administrationServiceDataSeeder.SeedAsync(), even though I comment out the if statement, and run AdministrationService.HttpApi.Host, the Administrator Db's Permission table is still empty. It's pretty strange.
//if (!env.IsDevelopment()) { using (var scope = context.ServiceProvider.CreateScope()) { await scope.ServiceProvider .GetRequiredService<AdministrationServiceDatabaseMigrationChecker>() .CheckAndApplyDatabaseMigrationsAsync(); } }Then I run the project template created by ABP Studio, I run each micro service one by one (except for GdprService), then I export the permissions to csv and import to my app's Administraion database and using SQL left join by name and and I only find two missing entries: GroupName Name AdministrationService AdministrationService.Dashboard.Tenant AdministrationService AdministrationService.Dashboard.Host
Though if I left join by name and parent name, then I found 22 rows. I think it's a bug in ABP 9, instead of using Db Null value, it using string 'NULL' as parent name, but it should not relate to issue here. There must be something else regarding to permission policy. NameParentName AbpIdentity.ClaimTypes NULL AbpIdentity.OrganizationUnits NULL AbpIdentity.Roles NULL AbpIdentity.SecurityLogs NULL AbpIdentity.Sessions NULL AbpIdentity.SettingManagement NULL AbpIdentity.UserLookup NULL AbpIdentity.Users NULL AdministrationService.Dashboard.Host NULL AdministrationService.Dashboard.Tenant NULL AuditLogging.AuditLogs NULL FeatureManagement.ManageHostFeatures NULL LanguageManagement.Languages NULL LanguageManagement.LanguageTexts NULL OpenIddictPro.Application NULL OpenIddictPro.Scope NULL Saas.Editions NULL Saas.SettingManagement NULL Saas.Tenants NULL SettingManagement.Emailing NULL SettingManagement.TimeZone NULL TextTemplateManagement.TextTemplates NULL
-
0
The error shows the permission isn't granted for the current request / current authenticated user. A couple of reasons can cause this issue:
The user really don't have the permission.
The cookie/token might be obsolete or created by another authentication server or application itself, you can try to clear cookies and everything and authenticate again from scratch.
If you deployment is distributed, you can also try clearing Redis cache, since permissions are cached in Redis in distributed solutions. The cached data might be wrong, outdated or corrupted.
-
0
this might caused by item 2, since we figure out a wrong setting in deployment pipeline. I will close the ticket.
